Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms

Posted on March 30th, 2019 by Responsible Cyber

An Iran-linked cyber-espionage group that was found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues to target organizations in the two nations, Symantec reported on Wednesday. Widely known as APT33, which Symantec calls Elfin, the cyber-espionage group has been active since as early as late 2015 […]

UK Watchdog Criticizes Huawei for Lax Software Security, Development

Posted on March 30th, 2019 by Responsible Cyber

Calling the company’s software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code. The group responsible for overseeing Huawei’s technical compliance with software and security standards in the UK roundly criticized the company for “serious and systematic defects in software […]

APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability

Posted on March 28th, 2019 by Responsible Cyber

Elfin (aka APT33), a hacker group affiliated with the Iranian government, is described by Symantec as “one of the most active groups currently operating in the Middle East.” They have been linked with a string of attacks on U.S. and Saudi Arabian companies, particularly in the aerospace and energy sectors. However, where previously the group […]

FIN7 Cybercrime Gang Rises Again

Posted on March 24th, 2019 by Responsible Cyber

The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code. The FIN7 cybercrime group continues to wage cyberattacks even in the wake of the arrest last year of three of its key members: researchers say FIN7 now is deploying new […]

Hackers use Slack to hide malware communications

Posted on March 14th, 2019 by Responsible Cyber

A group of hackers is using a previously undocumented backdoor program designed to interact with attackers over Slack. While abusing legitimate services for malware command-and-control purposes is not a new development, this is the first time researchers have seen Slack, a popular enterprise collaboration tool, being used in this way. The backdoor was detected by […]

New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers

Posted on March 1st, 2019 by Responsible Cyber

At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information,” the new attacks could allow remote attackers to bypass security […]

Attacking Soldiers on Social Media

Posted on March 1st, 2019 by Responsible Cyber

A research group at NATO’s Strategic Communications Center of Excellence catfished soldiers involved in a European military exercise — we don’t know what country they were from — to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed groups on Facebook that looked like they were associated […]

North Korean hackers target Russian-based companies

Posted on February 21st, 2019 by Responsible Cyber

For the first time, the North Korean APT Lazarus group seems to be participating in coordinated attacks against Russian-based companies. According to CheckPoint Research, the attacks over the past several weeks were likely launched by the Lazarus subdivision “Bluenoroff, whose main focus is monetization and global espionage campaigns.” The North Koreans choosing to cyber-attack Russia […]

North Korea’s Lazarus Group Targets Russian Companies For First Time

Posted on February 20th, 2019 by Responsible Cyber

In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says. North Korea’s Lazarus Group, known for its sophisticated cyberattacks on organizations in the US, South Korea, Japan, and other countries, has for […]

Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs

Posted on February 14th, 2019 by Responsible Cyber

Apple has finally released the iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. The FaceTime bug (CVE-2019-6223) was discovered by 14-year-old Grant […]
